Speakers 2025

Perri Adams

Automating Your Job? The Future of AI and Exploit Development - KEYNOTE

The extent of artificial intelligence’s abilities is the topic du jour in academia, industry, geopolitics, and even on social media. For good reason: AI has the ability to upend society in a new technological revolution. In AI-safety discussions, focus has concentrated on AI’s abilities to specialize in several specific, highly-skilled areas of expertise, one of which is offensive cyber. But, as practitioners in this space know well, expertise is difficult to hone, and hard to come by. It will take years to fully understand how AI will enable reverse engineering, vulnerability discovery, and exploit development, but over the last several years, we have begun to form an understanding of what models do well, and where they struggle. In this keynote, we’ll dive into what models are capable of today, what they may accomplish tomorrow, and how they will alter this area of computer science in the years to come. From fundamental realities of computer science, such as the Halting Problem and state explosion, to the question of emergent capabilities in models and the ongoing quest to develop metrologies for their performance in specialized areas, the AI community needs the expertise of offensive security practitioners to understand what this technology can, and cannot, do. And perhaps, in turn, the offensive security community needs AI to bring about the next generation of innovation. Read more...

Dino Dai Zovi

How Offensive Security Made Me Better at Defense - KEYNOTE

In many ways, there is often a creative tension between security and functionality or flexibility. We can often improve security by restricting what is possible, but at the same time, high-quality systems and software engineering provides functionality and flexibility, even for unanticipated use-cases. It turns out that the hardest problem on defense is knowing precisely how much security is the right amount everywhere, all at once. If you secure things too much, you can suffocate future growth, but if you don’t secure them enough, you might get pwned. Read more...

Richard Abou Chaaya and John Stephenson

Garbage Collection in V8

Garbage collection is a fundamental part of any JavaScript engine. From a security research perspective it is interesting both as a rich attack surface and as a source of primitives for exploitation and reliability. Read more...

Matteo Rizzo, Kristoffer `spq` Janke, Josh Eads and Eduardo Vela Nava

EntrySign: create your own x86 microcode for fun and profit

Microcode is a fundamental building block for x86 CPUs – implementing everything from complex x86 instructions, to privilege transitions and virtualization. Beyond ring 0 and SMM lies the microcode privilege level, with maximum control over the x86 core and the internal buffers within. Read more...

joernchen

Parser Differentials: When Interpretation Becomes a Vulnerability

Parsers are fundamental components of modern systems, silently processing everything from network protocols to file formats - and rarely do they stand alone. This talk delves into parser differential bugs: the fascinating and dangerous phenomenon that emerges when different parsers interpret the same message in slightly different ways. Read more...

Angelboy

Frame by Frame, Kernel Streaming Keeps Giving Vulnerabilities

Kernel Streaming emerged as a new attack surface in the Windows kernel last year, leading to numerous in-the-wild exploits. Over the past year, we also uncovered “proxying to kernel”, a logical bug class that circumvents many privilege checks in the kernel, making exploitation very straightforward. However, this is just the tip of the iceberg for Kernel Streaming. Read more...

Cedric Halbronn and Jael Koh

Hunting for overlooked cookies in Windows 11 KTM and baking exploits for them

The Windows Kernel Transaction Manager (KTM) driver is a widely accessible yet critically overlooked attack surface. Thanks to prior research by Cedric Halbronn and Aaron Adams into an in-the-wild KTM exploit (CVE-2018-8611), most of KTM's internals have been well documented - except two objects. Read more...

Ken Gannon

Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting"

At Pwn2Own Ireland 2024 (sometimes referred to as Mobile Pwn2Own 2024), there were 61 entries targeting...IoT devices and printers. No wonder "mobile" is not in the event's title anymore. Thankfully, there was still 1 entry that targeted, and successfully pwned, the Samsung Galaxy S24. And now that the issues are patched, it is time to disclose those technical details! Read more...

fish and Ling Hanqin

Skin in the game: Survival of GPU IOMMU irregular damage

As the attack surface of modern Android devices shrinks and the number of software and hardware mitigations increases, GPU drivers have emerged as a prime target for mobile device exploitation. In this presentation, we will explain the memory management methods of the three GPUs (Adreno, Mali, and PowerVR) and highlight their similarities and differences. Read more...

Lukas Bernhard

Attacking Browsers via WebGPU

WebGPU is a new browser standard that allows us to access the capabilities of GPUs from the web -- benefiting complex computations, such as those required by game engines and local LLMs. But the complex machinery needed to convert a shader program into native GPU machine code means a huge attack surface is now reachable from the web. Read more...

Daniel Klischies and David Hirsch

No Signal, No Security: Dynamic Baseband Vulnerability Research

What if you do not need to be a journalist accidentally invited into a Signal group to snoop on someone's communication? What if you could gain RCE on a smartphone without a complex combination of exploits, ASLR bypasses and ROP chains? Join us to learn how we got remote code execution on MediaTek basebands using BaseBridge, an extension to the FirmWire baseband emulator. Read more...

Chariton Karamitas

KernelGP: Racing against the Android kernel

Race conditions constitute a major vulnerability class affecting all types of concurrent software, with the Android kernel being no exception. In this presentation, after summarizing existing work, we will present 4 novel userland techniques for forcing the Android kernel to block, thus allowing an attacker to win race conditions more easily. Read more...

Seth Jenkins

Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit

Kernel crash logs from an in-the-wild Android exploit represent a rare window into real-world attacker techniques - but without a corresponding exploit sample, deriving insight from these limited artifacts is a substantial technical challenge. Read more...

Dillon Franke

Breaking the Sound Barrier: Exploiting CoreAudio via Mach Message Fuzzing

This research presents a deep dive into macOS Inter-Process Communication (IPC) security, focusing on the often-overlooked attack surface of Mach message handlers. These handlers are commonly used by system daemons to expose privileged, RPC-like functionality—and their complexity creates opportunities for sandbox escapes and local privilege escalation. Read more...

Jeong Wook Oh, Rishika Hooda and Xuan Xing

Fighting cavities: Securing Android Bluetooth by Red teaming

Bluetooth security has been a risky area due to multiple factors: its remotely accessible nature, the stack’s complexity and privileged execution context in the Android platform are a perfect combination that has been attracting the attention of security researchers for years. In this session the authors will talk about the offensive Bluetooth research aiming at identifying remotely exploitable vulnerabilities in AOSP’s. Read more...

Ivan Fratric

Finding and Exploiting 20-year-old bugs in Web Browsers

Although XSLT in web browsers has been a known attack surface for some time, there are still plenty of bugs to be found in it, when viewing it through the lens of modern vulnerability discovery techniques. In this presentation, we will talk about how we found multiple vulnerabilities in XSLT implementations across all major web browsers. Read more...

Corentin BAYET and Bruno PUJOS

Journey to freedom: Escaping from VirtualBox

Exploiting a hypervisor is already a challenge; chaining it with a Windows kernel LPE to achieve full host compromise makes it even harder. At Pwn2Own Vancouver 2024, we broke free from VirtualBox and escalated our privileges on the Windows host, turning a controlled guest VM into full administrator access on the host. This session dives into VirtualBox's internals and architecture, offering a comprehensive overview that highlights critical vulnerabilities discovered. It will cover how we identified and exploited multiple vulnerabilities, bypassed mitigations, and executed arbitrary code on the host. This includes insights into research strategies, focus selection, tool usage, and lessons learned from mistakes. We’ll conclude with an inside look at the Pwn2Own contest itself: our exploit setup, the hardware surprises, and how everything came together. If you’re into hypervisor exploitation, or just enjoy a good hacking war story, this talk is for you. Read more...